From 34dab9009c2f1aa61531b8e2af180055806b0a17 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Thu, 25 Feb 2021 08:10:13 -0500
Subject: [PATCH] Ensure Zeek spool dir is owned by Zeek to allow Zeek to start correctly
---
 salt/zeek/init.sls | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index 8cb9f5d21..fe6478464 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -73,6 +73,14 @@ zeekpolicysync:
 - group: 939
 - template: jinja
 
+# Ensure the zeek spool tree (and state.db) ownership is correct
+zeekspoolownership:
+ file.directory:
+ - name: /nsm/zeek/spool
+ - user: 937
+ - recurse:
+ - user
+
 # Sync Intel
 zeekintelloadsync:
 file.managed:
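Review bot: The new `zeekspoolownership` state enforces only the owner (`user: 937` with `recurse: - user`), so the group and mode of everything under /nsm/zeek/spool, including the state.db named in the comment, stay whatever they were before. The preceding state in this hunk sets `group: 939`; if the spool tree is meant to carry the same group (inferred from that context line, not confirmed here), add `- group: 939` to the state and `- group` under `recurse`. Nothing in the hunk orders this state ahead of whatever starts Zeek, so it is worth confirming that a `require` or equivalent elsewhere in init.sls makes the ownership fix run first. A short comment such as `# 937 = zeek uid inside the container` would also explain the numeric ID, assuming that is what it denotes.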